The development of a streamlined electronic system requires consideration of the principles that inform the development and maintenance of the system over a time frame involving decades. The following are a set of Core Principles that focus on the objective, how the objective is to be realised, and the features of the system.

Design Principles

These principles refer to the design and implementation of the online permit and monitoring system.

  1. A Single System that serves the needs of permit granting authorities and applicants seeking to access genetic resources and/or traditional knowledge associated with genetic resources within a country’s jurisdiction.

  2. A Central Hub. In existing systems a permit application may be circulated by email or by post to various permit granting authorities. In this system the application, once submitted in electronic form, stays in place at a central server based hub. It is assumed that more than one authority may be involved in reviewing or authorising a permit. In this system notifications are dispatched to relevant authorities to inform them of the need for action on a particular application. Authorities log in to the system and take action accordingly, including communications with applicants that are transmitted through the notification system. Communications arising from an application are stored with the application as part of the electronic file register for the application.

  3. Easy to Use. The system should be as simple as possible and not require specialist knowledge or software to access or use the system. The system should not require specialist knowledge and is intended to be used by non-specialists using simple check boxes and entries in forms.

  4. Responsive. The system should be sufficiently flexible to adapt to the needs of different authorities, including their reporting needs.

The needs of police, customs and national park authorities should be addressed through responsive mobile formats (phones and tablets) including use of “permit passes” with QR codes (Quick Response codes) and bar codes similar to a mobile airline boarding pass. The “permit pass” would be carried by applicants and could be checked by relevant authorities on the ground using reader software on mobile phones with minimal effort. Consultation and practical testing with the relevant authorities is required to implement this principle.

  1. Secure. The system should meet standard security requirements (e.g. https:) and comply with applicable data protection laws. Attention should be paid to the provisions of the Nagoya Protocol on confidentiality (Article 14.2, 17.3, 17.4). Particular attention should be paid to the storage of commercially sensitive information linked to a permit and ABS contract including secure offline storage of such information. Backups of the system should be maintained securely and encrypted in accordance with existing standards for the protection of digital information. A physical archive of the documents should be maintained in accordance with existing practice.

Particular attention may also be required to protect against back doors. A back-door is a secret route into an electronic system that bypasses normal authentication requirements. Back doors may be built in at the design stage (to provide a means of restoring access to the system resulting from lockout) or discovered by users seeking access to the system. Consideration should be given to limiting the potential for back doors in any code and monitoring to detect back doors that may subsequently be discovered by users. For discussion on types of back doors see Wysopal, C and Eng, C (2015) Static Detection of Application Backdoors.

  1. Independent. The system should be based on, and maintained, using widely available standard open source software tools and standard text formats to avoid dependency on a single supplier/contractor or data format. No third party should own all or part of the system. Note that public procurement rules are likely to be of relevance in implementing this principle.

  2. Long Term. The research and development cycle involving biological and genetic resources or associated traditional knowledge may take place over a period of decades. It is therefore important to take a long term perspective on the functioning of the permit system and its integrity over time, including proper back-ups.

  3. Triple Redundancy. The permit system should build in the principle of triple redundancy in its tracking system rather than relying on a single point of reference. Triple redundancy is an engineering design principle that means that three distinct systems perform the same function. Because they are independent systems, if one system fails the two others will continue to work. If a second system fails then one other system, normally the simplest, will continue to work.

For a permit monitoring system the starting point could be a unique identifier such as a standardised country code (e.g. BS for the Bahamas or UG for Uganda and ZA for South Africa), the date (2015) and unique number (1234) to produce unique identifiers such as BS20151234, UG20151234 or ZA20151234. This system functions very effectively for 90 million patent documents in multiple countries and is recommended.

Further details and examples of the implementation of this principle for ABS are provided below.

  1. Integrating Technical and Legal Components. The development of an online permit and monitoring system is a technical development that is directed towards the effective realisation of legal obligations on the part of Parties to the Protocol and establishing clear legal requirements on the part of applicants. Legal aspects of the system, notably with respect to the terms of permits and contracts as well as change of intent should be recognised at the design stage. In practice this means that the development of the technical aspects of the system and the legal aspects should be closely linked. Longer term legal advice should be built into the development cycle to respond to changing legal requirements.

  2. Minimal Human Intervention. Primary responsibility for data input should rest with applicants in entering legally required information. Government action should be confined, as far as possible, to approval of electronic applications, communications related to approvals, and archiving of physical copies of records. The basis of this principle is that human intervention introduces typological errors (such as spelling mistakes) or errors of interpretation (such as interpretations of person or institutional names). These errors affect the integrity and utility of the system over the long term, particularly with respect to monitoring and reporting.

  3. Anticipate Legacy. A development cycle approach to the permit system should be established that involves forward planning and transitioning from an existing system (that becomes the legacy system) to a new system over time. A formal development plan should be developed and periodically reviewed based on experience gained.

  4. Value Permit Staff. The permit system is important to the ability of Parties to the Protocol to implement their obligations, generate benefit-sharing and the valuation of genetic resources and associated traditional knowledge. The time horizon for the realisation of benefits may span decades. While most countries have a permit system it is also important to value the staff who process permit data. This role will become increasingly important in future years in terms of the capacity to bring benefits for conservation and sustainable use. Consideration should therefore be given to recognition of the importance of staff roles and maintaining continuity in the skills required to run and maintain the system.

Unique Identifiers and Triple Redundancy

The principle of triple redundancy is a well established engineering principle that involves three different systems performing the same function. In the event that one system fails a second system takes over the same function. If the second system fails then the third system takes over. Given that the failure of all three systems is unlikely the function of a particular system within a wider system is maintained. It is important to note that triple redundancy does not guarantee that a system will not fail completely, rather it reduces the likelihood of failure.

The principle of triple redundancy is particularly relevant to an online permit and monitoring system in connection with the use of unique identifiers to maintain the link between a permit, mutually agreed terms and samples of biological material that are subsequently deposited with a collection, transferred to a collection in a third country and potentially utilized by third parties.

The problem that triple redundancy helps to address is in ensuring the maintenance of the connection between a permit and a document containing MAT (an ABS contract) and the materials that are collected and transferred. These materials may be either physical or electronic (e.g. DAN and amino acid sequence data). The extent of the meaning of genetic resources is likely to be defined in domestic ABS legislation.

The key to a monitoring system for materials under a permit and ABS contract is the use of unique identifiers. We propose a system consisting of the following unique identifiers

  1. Country Codes, dates and unique numbers (e.g. BS20151234)
  2. Bar codes
  3. QR Codes
  4. Html embed codes.

Country Code Identifiers

All countries possess a unique two letter country code defined in international standard ISO3166-1 alpha 3 (e.g. see this Wikipedia entry and the ISO browsing platform and select Country codes and search).

For example, the standard two letter country code for the Bahamas is BS, Kenya is KE, Uganda is UG and South Africa is ZA. If these country codes are combined with a date (YYYYMMDD) and a unique number (1234) a unique identifier will be generated. In this case we will simply use the year to generate the following identifiers.

BS20151234 KE20151234 UG20151234 ZA20151234

What is clear from this is that a single and distinctive unique identifier (country - year - number) has been created for each permit and corresponding MAT that is immediately distinguishable using the country code from similar number issued by other authorities. The combination of the country code, the date and a numeric identifier (country - YYYMMDD - number) is already used very successfully to keep track of approximately 90 million patent documents in countries around the world and is recommended. The example below is for a patent application from the United States that makes reference to collections from the Bahamas and can be viewed on the main worldwide patent database espacenet operated by the European Patent Office here.

In this example we can see that the unique document identifier US2001049387A1 consists of the following [US] – the country code – [2001] the year of application – [049387] – the unique numeric identifier, and [A1] known as the “kind code” for the type of document (in this case a patent application).

The strength of this system is that the components combine into a unique identifier that is; a) distinctive, and; b) easy to retrieve.

The relevance of this type of numbering system becomes apparent when we consider the section of this patent application that makes reference to biological collections in the country. In this case the example is from the Bahamas (See the first paragraph highlighted or read directly here).

In this case, the applicants make reference to a sponge specimen 23-XI-98-3-002 and a HBOI CatNo. 003:00973. Under the proposal advanced in this document the ABS domestic legislation, permit terms and conditions and associated MAT could require recipients of a permit to disclose the permit number (e.g. BS20151234) in any patent application arising from the research.

An important feature of this system as deployed within patent databases is that the unique identifier is used to store all documents that relate to a particular application over time. In this case the United States application was also filed in Europe at the European Patent Office and this document can be identified in the patent family of the US document. European Patent Application EP1259502A2 was filed prior to the introduction of the year into the identifier. However, for our purposes the document is important because in Europe it is possible to access all documents linked to that application, including formal communications between the patent office and applicants in the European Patent Register. Figure x displays the list of documents linked to this identifier.

It is immediately clear that the use of this unique identifier system allows all documents related to that identifier to be linked together into an electronic file history for each application. We propose a very similar system where a unique identifier is used to link all documents arising from a permit application both internally within the system and for samples, publications and patent applications arising from the research. Specifically, the use of the unique identifier to generate labels for samples and specimens would facilitate the monitoring of compliance by users.

This type of unique identifier is simple, easy to use and robust over time. For that reason it is recommended as the first component of the triple system.

Simple Barcodes

The second system is the standard bar code which can be optically scanned to reveal basic information. The bar code system was developed in the 1960s and became ubiquitous for tracking and scanning products from the 1970s onwards. A range of bar code types are available along with free bar code generators. A simple example using a free tool is provided below. This bar code could be attached to documents and samples with basic information that could be encoded into the bar code. The advantage of a simple bar code is simply that it can be scanned by a machine.

Quick Response Codes (DR Codes)

The third system is QR (Quick Response) codes which provide a much greater level of embedded detail than bar codes and can be used to embed geographic and other information. An example is provided below.

The information in this QR code can be read using free software on a smart phone such as an iPhone or Android phone, as can be seen in the image below (using QRReader on the iPhone). QR codes are normally open. However, encryption of data may potentially be desirable so that only authorised users (police, customs, port authorities) can scan the contents.

The combination of the three systems would meet the requirement for triple redundancy. The main issue is not likely to be the means to generate the identifiers and codes but with ensuring that both authorities and applicants consistently use the identifiers and codes in documentation (including sample documentation) linked to a permit and associated ABS contract setting out MAT.

Finally, the use of identifiers is likely to be desirable in cases where ABS domestic frameworks include DNA and amino acid sequence data arising from research under a permit and associated MAT. This requires further exploration but is briefly considered below.

Other Electronic Coding Systems

Additional options include a requirement to use the basic unique identifier (BS20151234) in the documentation entered into databases for DNA and amino acid sequence data or html embed codes (for web publications).

In the case of DNA data an example of the existing use of identifiers, and the ability to monitor DNA sequence and amino acid information is provided by the Barcode of Life Database (BOLD).

Information using species names or identifiers can be retrieved using the taxize package in R which generates the following link for a search for a species name:

library(taxize)
get_boldid(searchterm = "Prunus africana")
## 
## Retrieving data for taxon 'Prunus africana'
## [1] "191949"
## attr(,"class")
## [1] "boldid"
## attr(,"match")
## [1] "found"
## attr(,"uri")
## [1] "http://boldsystems.org/index.php/Taxbrowser_Taxonpage?taxid=191949"

That URL can then be accessed through the BOLD website and produces a list of sequence related records.

Selecting Access Published & Released Data produces the following list of records.

The final record in this list includes a specimen image and the following information:

A significant amount of information is contained in this record, including the record number, sample ID, Museum ID, where the specimen is located along with where the material was collected, by whom, along with the sequence listing. A link is also provided to the Sequence ID and GenBank Accession number as seen below.

As this demonstrates, it is increasingly possible to rapidly access sequence and associated record information for a particular species or list of species. Given the presence of multiple ID fields it appears reasonable to assume that the simple permit identifier (e.g. BS21051234) in sequence records arising from research could be included in the conditions of the permit and associated MAT. This could readily lead to the creation of an archive of electronic records for biodiversity in a country that contain known sequence data. Uses of such sequences could then become amenable to monitoring using the relevant IDs or sequence searching for identical or similar sequences using BLAST (Basic Local Alignment Search Tool) and associated tools.

Conclusion

In this section we have discussed the use of unique identifiers and the application of the principle of triple redundancy as part of the design of the online permit and monitoring system. Unique identifiers using standardised country codes, dates and sequences of numbers allow for the construction of an internal permit system that establishes and maintains links between a permit application and associated documents (MAT) and communications. This system already works well for millions of patent documents. The principle of triple redundancy was then applied to the generation of labels containing identifiers that could be used to maintain links between the original permit and samples, publications, patent applications, and sequence data originating from the grant of a permit under an ABS framework. The use of free tools (such as taxize in R) allows this information to be readily retrieved from a range of different data sources. While requiring further elaboration, the use of unique identifiers combined with the principle of triple redundancy provides a route to cost effective monitoring.